Re: remote downlevel document

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/21/05

    Date: Thu, 21 Apr 2005 17:18:59 -0400
    
    

    From: "atx" <atx@xerox.com>

    | Hi,
    | our printers suddenly print some nonsense characters on papers and this is
    | logged as "remote downlevel document owned by x printed x pages/bytes..." on
    | system event log of print servers with event ID 10. The users are just a few
    | persons we saw from log details and they all have local admin rights on their
    | domain machines. We scanned for virus/worm on their machines, but nothing is
    | detected (machines are clean). We also scanned for spywares with MS anti
    | spyware beta and spybot and they detected nothing. Now what can be the
    | problem of this strange printing attempts?? Printing attempts start nearly
    | synchronously from these few users who are located at different sites. We
    | still suspect of some triggering malicious mechanism embedded in some
    | software... Any help/idea would be very useful. thanx.
    | atx.
    |

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    start --> settings --> control panel --> internet options --> delete files

    Dump the contents of the Mozilla FireFox Cache
    Tools --> Options --> Privacy --> Cache --> Clear

    Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

    1) If you are using WinME or WinXP, disable System Restore
            http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    2) Reboot your PC into Safe Mode and shut down as many applications as possible
    3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
             infectors found
    4) Restart your PC and perform a "final" Full Scan of your platform
    5) If you are using WinME or WinXP, re-enable System Restore and re-apply any
            System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB)
    6) Reboot your PC.
    7) If you are using WinME or WinXP, create a new Restore point

    * * * Please report back your results * * *

    -- 
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
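
Added example, not part of the original post: a triage sketch for the symptom atx describes, which parses exported Event ID 10 records and groups "remote downlevel document" jobs that start within the same short window from different users. The export layout (timestamp, tab, message), the message wording, and every user and printer name are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample rows: (time, document name, owner, printer). All values invented.
ROWS = [
    ("2005-04-21 09:14:02", "Remote Downlevel Document", "userA", "PRN-SITE1"),
    ("2005-04-21 09:14:09", "Remote Downlevel Document", "userB", "PRN-SITE2"),
    ("2005-04-21 09:14:31", "Remote Downlevel Document", "userC", "PRN-SITE3"),
    ("2005-04-21 11:40:15", "quarterly.doc", "userD", "PRN-SITE1"),
    ("2005-04-21 13:02:44", "Remote Downlevel Document", "userA", "PRN-SITE1"),
    ("2005-04-21 13:02:50", "Remote Downlevel Document", "userC", "PRN-SITE3"),
    ("2005-04-21 15:30:00", "Remote Downlevel Document", "userB", "PRN-SITE2"),
]
# Assumed export format: "timestamp<TAB>Event ID 10 message text", one per line.
SAMPLE = "\n".join(
    f"{ts}\tDocument {i}, {doc} owned by {user} was printed on {prn} "
    "via port LPT1. Size in bytes: 1822; pages printed: 37"
    for i, (ts, doc, user, prn) in enumerate(ROWS, 1))

EVENT_RE = re.compile(
    r"^(?P<ts>[\d-]+ [\d:]+)\tDocument \d+, Remote Downlevel Document "
    r"owned by (?P<user>\S+) was printed on (?P<printer>\S+)", re.I | re.M)

def parse_events(text):
    """Return (time, user, printer) for each remote downlevel job, oldest first."""
    return sorted(
        (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["printer"])
        for m in EVENT_RE.finditer(text))

def synchronized_bursts(events, window=timedelta(seconds=60), min_users=2):
    """Group jobs starting within `window` of a burst's first job and keep
    only bursts that involve at least `min_users` distinct owners."""
    bursts, current = [], []
    for ev in events:
        if current and ev[0] - current[0][0] > window:
            bursts.append(current)
            current = []
        current.append(ev)
    if current:
        bursts.append(current)
    return [
        {"start": b[0][0], "users": sorted({u for _, u, _ in b}),
         "printers": sorted({p for _, _, p in b}), "jobs": len(b)}
        for b in bursts if len({u for _, u, _ in b}) >= min_users]

if __name__ == "__main__":
    for burst in synchronized_bursts(parse_events(SAMPLE)):
        print(burst["start"], burst["jobs"], burst["users"], burst["printers"])
```

The burst start times give a window to compare against scheduled tasks, software update checks and login scripts on the listed users' machines.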
    
